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DETAILED ACTION 

1 . Claims 3 1-34, 40-64 are presented for examination. 

Response to Arguments 

2. Applicant's arguments filed 12/18/2009 have been fully considered but they are not 
persuasive. 

3. As per remarks, Applicants argued that (1) Sheinis fails to teach or disclose the claimed 
limitation of "acquiring an object access authority set for the object indicating access authorities 
for methods called by the object". 

4. As to point (1), Examiner respectfully disagrees. Claims are to be given their broadest 
reasonable interpretation during prosecution, and the scope of a claim cannot be narrowed by 
reading disclosed limitations into the claim. See In re Morris, 127 F.3d 1048, 1054, 44 USPQ2D 
1023, 1027 (Fed. Cir. 1997); In re Zletz, 893 F.2d 319, 321, 13 USPQ2D 1320, 1322 (Fed. Cir. 
1989); In re Prater, 415 F.2d 1393, 1404, 162 USPQ 541,550 (CCPA 1969). In this case, Sheinis 
clearly discloses the above claimed limitation as mentioned in paragraph 0007, entity-based 
security can be desirable to control access to an entity bean that is the target of a method call, in 
paragraph 0017, the request is for a method associated with the server object, in paragraph 0110, 
the entity security check for a call for a method of a component interface of an entity bean is 
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typcially performed before the EJB method call, and in paragraph 0130, and in addition, Sheinis 
provides an example that clearly discloses the above claimed limitation, i.e. a "viewer" is 
permitted to call a method named viewSalary() that allows him to view a salary contained in an 
EmployeeRecord entity bean and an "administrator" is permitted to call methods called 
createSalary(), viewSalary(), updateSalary() and removeSalary(). As such, the claim remains 
rejected over Sheinis reference. 

5. As per remarks, Applicants argued that (2) nowhere in Srivastava teaches or mentions 
searching for results for a previous execution of an object in response to determining that the 
user access authority permits access to the method called by the object. 

6. As to point (2), Srivastava discloses caching information that instructs the services engine 
to use cache memory for particular operation, and inform the engine how long the cached data 
should be retained and when it should be considered to be expired [ paragraphs 0070 and 0089 ], 
and ExecutionManager is the coordination of service response caching through the cache 
manager, that implies that the ExecutionManager is responsible check for the availability of 
cached service responses before executing a service, if such response is available, no service will 
be executed and the cached response will be returned to the client [ i.e. broadly interpreted as 
searching for results for a previous execution of an object as claimed ] [ paragraph 0220 ]. 
Therefore, Srivastava teaches the claimed limitation as written. 
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7. As per remarks concerning claims 40, 50 and 59, Applicants provided the same 
arguments as in claim 31, and as such, the response is indicated in point (1) above. 

8. As per remarks concerning claims 41,51 and 60, the response is provided in point (1) 
above. In response to the argument concerning the additional methods called by the methods of 
the object, Sheinis teaches this limitation as well, i.e. one or more methods providing the logic 
and functionality that are employed to determine the access rights of an access request [ 
paragraph 0083 ]. 

9. As per remarks, Applicants argued that (3) Sheinis docs not teach or suggest denying 
access to the execution results if the access authority of one method called by the requested 
object is unknown. 

10. As to point (3), Sheinis discloses the access control manager examines the access control 
rules and makes an initial determination as to whether to approve or reject the call, and there is 
an access control rule that states "allow call of type "B" for only certain people", and the type of 
call that was received was a call of type "B", then an initial determination will be made that "No" 
the call is not approved, and the method will advance to step 234 so that a further determination 
as to whether to approve or reject the call can be made [ i.e. broadly interpreted as denying 
access to the execution results if the access authority of one method called by the requested 
object is unknown as claimed ] [ paragraphs 0092-0098 ]. 
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11. As per remarks, Applicants argued that (4) Sheinis does not teach or suggest the claims of 
executing an object even if access to execution results are not granted. 

12. As to point (4), it is rejected as mentioned in the previous Office Action. Furthermore, 
Sheinis discloses the system to control access at least partially based on user's entity to the result 
of any method on the home or component interface of an entity or session bean [ paragraphs 
0113, 0157 and 0158]. 

Claim Rejections - 35 USC § 103 

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

14. Claims 31-34, 40-64 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sheinis et al. [ US Patent Application No 2004/0019809 ], in view of Srivastava et al. [ US 
Patent Application No 2002/0120685 ]. 

15. As per claim 3 1 , Sheinis discloses the invention as claimed including a method, 
comprising: 
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receiving a call request from a user to execute an object [ i.e. receiving a request to access 
at least one of a plurality of server objects on a server [210, Figure 3; and paragraphs 0010 and 
0087 ]; 

determining an access authority for the user; acquiring an object access authority set for 
the object indicating access authorities for methods called by the object; comparing the user 
access authority and the object access authority set to determine whether the user access 
authority permits access to the methods called by the object [ i.e. determining whether the call is 
authorized ] [ 230, Figure 3; Figure 4; and paragraphs 0090-0098, and 0109-01 13 ]. 

Sheinis does not specifically disclose 

searching a storage section storing execution results for a previous execution of the object 
prior to executing the call request and in response to determining that the user access authority 
permits access to the methods called by the object. 

Srivastava discloses 

searching a storage section storing execution results for a previous execution of the object 
prior to executing the call request and in response to determining that the user access authority 
permits access to the methods called by the object [ i.e. ExecutionManager is responsible check 
for the availability of cached service responses before executing a service ] [ paragraphs 0070, 
0089, 0220, and 0345-0347 ]. 

It would have been obvious to a person skill in the art at the time the invention was made 
to combine the teaching of Sheinis and Srivastava because the teaching of Srivastava on caching 
would enable to improve system performance and reduce communication overhead. 
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16. As per claim 32, Sheinis discloses wherein the call request is received over a network, 
and wherein the execution results are transmitted over the network [ Figures 1 and 2; and 
paragraphs 0065-0068 ] and wherein the call request with respect to the object comprises a 
request for Web services [ paragraph 0083 ]. 



17. As per claim 33, Srivastava discloses transmitting the execution results for the previous 
execution of the object prior to executing the call request with respect to the object in response to 
determining that the storage section stores the execution results for the previous execution of the 
object subject to the call request [ i.e. return the cache response to the client ] [ paragraph 0220 ]. 



18. As per claim 34, Srivastava discloses passing the call request to an object executor in 
response to determining that the storage section does not store execution results for the previous 
execution of the object subject to the call request [ i.e. check for available in cache ] [ paragraph 
0220 ]. 



19. As per claim 40, Sheinis discloses determining methods called by the object; determining 
an access authority for each determined method; generating the object access authority set to 
comprise the determined access authorities of the determined methods, wherein the object access 
authority set indicates access authorities needed to execute the determined methods [ Figure 4; 
and paragraphs 0090-0098, and 0109-01 13 ]. 
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20. As per claim 41, Sheinis discloses wherein determining the access authority for each 
determined method calling additional methods comprises: determining the access authorities of 
the additional methods called by the method, wherein the object access authority set for the 
method additionally includes the determined access authorities of the additional methods called 
by the method [ paragraphs 0072, 01 14, 0130 ]. 

21 . As per claim 42, Sheinis discloses wherein access to the execution results is not granted 
to the user if the access authority for one determined method is unknown [ i.e. reject the call ] [ 
paragraphs 0093, 0094 and 0097 ]. 

22. As per claim 43, Sheinis discloses wherein the object is executed even if access to the 
execution results is not granted [ paragraphs 0093 and 0094 ]. 

23. As per claim 44, Sheinis discloses storing execution results from the object executor in 
response to executing the object of the call request with the access authority set for the object 
and an object name [ paragraphs 0130, 0144; and claim 13 ]. 

24. As per claim 45, Sheinis discloses returning the execution results to the user having user 
access authority permitting access to the object [ i.e. return response to requester ] [ 280, Figure 
3; and paragraph 0105 ]. 
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25. As per claim 46, Srivastava discloses receiving a subsequent call request for the object 
from the user; returning the execution results to the user in response to determining that the 
execution results are associated with the user without comparing the user access control to the 
object access authority [ paragraphs 0424-0426 ]. 

26. As per claims 47-55 and 56-64, they are rejected for similar reasons as stated above in 
claims 31, 33, 34, 40-45. 

27. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 



Conclusion 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Dustin Nguyen whose telephone number is (571) 272-3971 . The 
examiner can normally be reached on flex. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nathan Flynn can be reached at (571) 272-1915. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/DUSTIN NGUYEN/ 

Primary Examiner, Art Unit 2454 



